JonHoyle.com Mirror of MacCompanion
http://www.maccompanion.com/macc/archives/July2009/Books/iPhoneForensics.htm

iPhone Forensics

Reviewed by Robert Pritchett

Author: Jonathan Zdziarski

O'Reilly

Released: September 2008

Pages: 138

$40

ISBN: 9780596153588

 

Strengths: Shows the underside of the iPhone and how to access it.

 

Weaknesses: None found. You need to know forensics and feel comfortable with the command line.

 

Webcast

Introduction

 

"This book is a must for anyone attempting to examine the iPhone. The level of forensic detail is excellent. If only all guides to forensics were written with this clarity!" - Andrew Sheldon, Director of Evidence Talks, computer forensics experts

 

With iPhone use increasing in business networks, IT and security professionals face a serious challenge: these devices store an enormous amount of information. If your staff conducts business with an iPhone, you need to know how to recover, analyze, and securely destroy sensitive data. iPhone Forensics supplies the knowledge necessary to conduct complete and highly specialized forensic analysis of the iPhone, iPhone 3G, and iPod Touch. This book helps you:

  • Determine what type of data is stored on the device
  • Break v1.x and v2.x passcode-protected iPhones to gain access to the device
  • Build a custom recovery toolkit for the iPhone
  • Interrupt iPhone 3G's "secure wipe" process
  • Conduct data recovery of a v1.x and v2.x iPhone user disk partition, and preserve and recover the entire raw user disk partition
  • Recover deleted voicemail, images, email, and other personal data, using data carving techniques
  • Recover geotagged metadata from camera photos
  • Discover Google map lookups, typing cache, and other data stored on the live file system
  • Extract contact information from the iPhone's database
  • Use different recovery strategies based on case needs

And more. iPhone Forensics includes techniques used by more than 200 law enforcement agencies worldwide and is a must-have for any corporate compliance and disaster recovery plan.

 

What I Learned

 

This is such a cool book! I had no idea the ways to get "into" an iPhone were so easy.

 

The book also opened my eyes to issues of security. Every app on the iPhone has an electronic trail. In other words, any app can be tracked and cataloged. If you are not paranoid about your habits, you should be. Your information will be freely available to "others". This goes much beyond just GPS tracking.

 

Was this book a quick read? No. It entailed having to download certain files and deciding whether or not to "break" my iPhone to run the programs to verify if this worked as advertised.

 

Now I have version 3.0 installed on my 3G iPhone. But I still have the old unit I hope to one day resurrect so I can work with it again.

 

Because there is a paucity of literature on the topic, this book really is the best source I've found so far regarding accessing the part of the iPhone that normally is hidden from view – unless, of course, you break the law and the unit gets used as evidence. But you would never do that, right?

 

Conclusion

 

There are a lot of things I don't do on an iPhone. I originally intended to use it as my portable computer until I discovered it does some things really well, and others not as well as I'd like. If anybody wants to use my iPhone for evidence against me, they are going to be sadly disappointed. But now I know how to unlock an iPhone and rummage through its dusty closet and find those ever-present skeletons. Just because you think you erased information doesn’t mean it is really gone.

 

Perhaps the most interesting thing I heard via the WWDC was the way to remotely locate an iPhone with 3.0 and then erase everything on it so the information cannot be used against you. I'll just have to wait until the next versions of unlocking apps come out to find out if that is really true or not. At least now I know how.